itm sent me this site
Where you get challenges and have to hack in to the next challenge.
I only just started

old :]

very old and boring :)

woooo level 3 muthabitches!

level 4!!! hahah reet

If I didn't have a f***ing huge assginment due I would be playing wargames but alas asignment is due tommrow

Level 6 - i give up, this is too hard

Level two
User name: Try2Hack
Password: NokiaIsGood

i cant code, hack or do any of that s*** ... and never want to

but someone gave me a few pointers and i think i got to Lv5 once

too boring for me :)

why are you posting answers? don't be an a******

Better yet would you like to see how I did it so that others can learn? Or should I wait for the others to catch up.

Anyway here is a hint
// <<<<<<<< Have a look here
//gaybo script

spam +1

gayyyyy

spammage

herbal can't code...

Sorry Teen I f***ed up your thread. :/

I'll remmber to comment s*** out next time

So Evis you want to prove you can?

just put [/script] in ur post, u forgot to put it in...

but I have no idea otherwise...

Thanks Evis this forum is different form some of the other forums I use for posting code snippets

there I fixed it lol

I have ur name and shti in my post :P

Thanks for fixing it but can you just remove the script

Edit: and your little comment please

herbillizard, can you please ICQ me on 82763218 or MSN on i_ownj_u@hotmail.com

thx

he can someone teach me this stuff
i did the first lvl easy as hell and i wanna know how to do the second
dont just give me the password i wanna learn

I guess the first clue to give you reaperman is that you're going to have to go to some effort to find the password. What's different about level 2 than level 1? Think about that.


Someone give me a clue for level 4. What does 'local1' do? Is it relevant? I have several theories on what the username/password are but they all contradict each other. I'm guessing the username and password are derived from each other somehow.

Hint: Your on the right track you have to decompile the binary usin javap out of the Java Development Kit (I think thats what JDK stands for)

Using the inFile() method look for string #15 and you guessed it its 'level4' then think what you will do next. Think url!

I'm thinking how to rip up level five which happens to be an .exe. I'm thinking WinHex32 might do the job. I'll have a look at this over the weekend I still can not break level 5 yet

I Soooooo hate java programing.

righto well its obvious its in flash but what can i do? download it and check it or something? i checked the source code like the first but that obviously is wrong

Reaperman I will give you another hint. You need to get the contents of the flash file and sort through the code

*************************************************
/contents of the file pasted from notepad
*************************************************
FWS� p � �� 
C 3�?
 Courier New   *  w� ����0
�
��� ( Username :
�
 �  *  w� ����0
�
��� ( Password :
�  +�~ ?\  e�#_B�
��k@ ��� �

�5o�zs�
����0�>(�[ tR��;)>/" �N ��r3�r
Pu�����P
�� ?�  e���S
H��Mh�'[W  �������� �+++���$�`�U�>� �������� �+++� ���4��:�1��<�\��3"��J!�w�c��
ML1w�5�?� �r�͔��$���)�����˃��2yQ�k�ҩ쀀 ?&
 e�#_B�
f��
 �o�zg:� �� �a�|Q�� ���vR|^D
b�
c:�g:���U�����C�����Y�Ұ �0���b��
�ZS�?٭\�}6r��̠,��0��F$�BT
�!ꣿ�:P j,> �
�� ��� � f��

�!5o�zYΆ�vp{o�o��:){���� X� Xιι(:��m��t��ln?�L�+ � >K�ϖ+� �=�����q��g/k�,�ȫ��$bgV'3l��U��ҀQ` ?�  \P�
�
�� ��� �

�5n?�s4� >L �.�>X�l tV���kW5�M��� �("��/d��9�P� gHz���Δ ��
��Mh�'[C� �������� �+++� n'�>8* ~ge�v����r����B�r�ī��{ �@
��$�`�U��  �������� �+++� q_��9�Y�k�fdQ���D<��ls�a���.�&���ė�GQ � H  e�#_B�
3� o�zg:� �� �a�|Q�� ���vR|^D
b�
c:�g:���U���Ԡ�� �� &

      
  �
txtUsername � Try2Hack -===HINT===-
txtPassword � NokiaIsGood -===HINT===-
I�  � LLeVeLL3.html _self � �u�U�>UC�� ]
pS�[�~p
����_Tݠ ��
 -���V
E� hd|�T�
�8
��G�^�P
�P ]��n �� ��F���� �
��� +  w�
@��@
�
���  ( txtUsername �  ��>�OE4�
 +  w�
���@
�
���  ( txtPassword �
 Pfe @
**************************************************

thanx guys
i really should refresh the forum before i post crap

Also I need help with the core crackme its f***ing uber hard to crack

this is gay i can't get lvl 2
i did

user:::: Try2Hack
pass:::: NokiaisGood

any way how did you figure that out

In the script it calls FlashLevel2.swf one of my previous posts shows the contents of the file. Half the bloody trouble is saving the flash file. I'll let you stew that over for a while

im stuck on lvl 3 :( i thought i got it straight away but they were being sneaky. any hints?

im completely stuck on lvl 3 as well

level 3 was easy! hint - get the password wrong first, then go from there.

teen have you had any luck with level 4 yet I need some help with 5

no but I can sense I'm close to it.. there are just a few things I don't understand in the code

level 7, this is where you have to start decompiling s***.

Theres a better one in japan where the admin placed holes and some backdoors in his server that you need to exploit to get your name on the hall of fame, cant remember the url though :|

Can someone Tell me if the level 3 password is:

AbCdE

Cause in the source it says it is, and it wont work for me

cobz checkout wargames at HDC BBS
http://www.hackers.com/________.________/ yes thats the url really. They have a few linux based systems to crack

Teen your really close I can tell you that much. What part are you having trouble with.

I have so got to pick up my act in regards to coding

No, that's NOT The Correct Answer, Ice

clicky
there should be a link there for "no preview"

I don't get the for loop and the if statement following it. It looks to me like the password is just the username with more characters in it, and I know it's matching it up with an array that may have 'level4' written in it.
Then it refreshes to a URL based on the password - so maybe you don't have to type a password in just figure out the url...

Found level 3

herbal i remember writing a basic article on how to get around restrictions in mac computers there (my schools second computer room :) is that a hidden board? looks like it, the one i used to visit was full of people asking how to hack hotmale.
I found a weird exploit in novell netware yesterday, flooding the /perl/samples/ndslogin.pl path with logins will crash the server. http://www.woodleigh.vic.edu.au/perl/samples/ndslogin.pl what the form looks like. If any admin reads this and gets paranoid..i dont f*** with webservers i actualy enjoy visiting.

test (may have borked my links)

Oh no It wasn't you it was me because I f***ed up when I was commenting some code YET AGAIN. And I burnt my dinner which pisses me off

Need help on level 4 :)

Someone help me with the java class file please :)

totno = totno + 1;
inuser[totno] = local1;
local1 = "";

it checks inuser to make the username inuser[2] and the password inuser[3]
but assigns both of these local1, which = "" nothing :(.

No password and username?

I wanna know where local1 is declared - NOWHERE

mmm level 4 hint

1. download jad
2. decompile
3. look at source code and see inFile="level4"
4. download "level4" file
5. notice "
http://www.try2hack.nl/5_level_5.html"
6. go to that url

The code base for the applet is http://www.try2hack.nl/ so just add inFile="level4 to the url http://www.try2hack.nl/level4 right click then view source what do you see.

hast - I don't follow your logic - what is "download level4 file" mean?

"view source" ?? that doesn't work on this site...

I tried going to that url but it's a blank page, when I download it i get this:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0
Transitional//EN">

<!-- saved from url=(0029)http://www.try2hack.nl/level4
-->

<HTML><HEAD>

<META http-equiv=Content-Type content="text/html;
charset=windows-1252">

<META content="MSHTML 6.00.2719.2200" name=GENERATOR></HEAD>

<BODY><PRE></PRE></BODY></HTML>

My arse it doesn't try right click on the link then view source

This is what I found

5_level_5.html

Username Try2Hack
Password: AppletsAreEasy

and for the record I tried going to 'level4' almost immediatly when I read the code.

I've been sitting here drawing up f***ing traces of the algorithm, and trying to figure out how the password is encoded using that offsetting method they have f*** you all for having non-broken computers,.

bump
Contents of level4
5_level_5.html
Try2Hack
AppletsAreEasy

My arse it doesn't try right click on the link then view source

Nope that doesn't work.
These challenges would actually be pretty f***ing easy if you could see the source.

i got it, with that lil help :P

Does that explain much

Someone tell us about level5

Username=AlmostAHacker
Password=ZqrE01A2d

is that false? a fake one :( damnit doesnt work for me

Its false as far as I can see

well im pretty much f***ed now :)

Same here I will have a look how it uses memory and see if caputuring some snapshots will help.

Level 6 (NOT !)



Did you really think it would be this easy ? Go back and try again !

lool

I tried a couple of vb decompilers on it alas no joy so I was thinking
enter a value and see how it is passed into memory and take a snapshot with a hex editor and look for that same value

I got it! Try to hack out of inspiration!

I cant take snapshot of memory something about too many addresses :(

how care to explain

clue: look up what Mid() does

thanks

i stopped when it said to download something so i could decompile .... not a chance in hell id even consider it

with the flash password ones ... is that just how his is setup?

surely u cant just get into stuff that easy :)

i guess his password is just linked to an invisible field in his flash movie

What decompiler did you use

ftp://ftp.one.net/pub/users/dreitz/decompiler/vbdis22e.zip

not a chance in hell id even consider it

Get out of your diapers you f***ing baby - be a man - download an EXE file created in VB.

herbal lizard fs, fix your sig it keeps borking the thread

teen: i dont have any progs which do this stuff.... wouldnt know where to start

NEVER want to learn it ... ill stick to 3D thx

Can someone give us a crash course in how to work that vb decompiler.. i keep gettings errors VB is not instaleld and how do i save a *.frm file as a *.txt file

Ice, i get the same errors... just chose 'combine forms' from the menu... then use wordpad to open the files it's output - one of them had pretty coherent code in it.

I just figured it out with that decompiler you recommended teen c001A has a set of aphlanumerical values as well as .,:;-*+=~|&!_$#@()[]{}<\/> which are shown in the level5.bas file.

Each of the varibles coresponses to the vaules in c001A for txtUsername and txtPassword. There has to be a easier way instead of counting each of these vaule and matching the varibles

*hint level5.bas

Thats it use the Const mc001A = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.,:;-*+=~|&!_$#@()[]{}<\/>"
to match each instance of mc001A
mc001A, 56 = T
mc001A, 28, = r
mc001A, 35, = y

= Try and so on and so on

etc etc simply count across from 0123... until you reach the value in each instance of mc001A

f*** finnaly

Try2Hack
OutOfInspiration

yes that's it :P It didn't take me long to find them, because in ms word it tells you which column your cursor is in.

the proxy in 6 wtf. Got any good any ideas on how to attack it?

well I've been looking at the .exe file in wordpad and there are a few clues as to the software used to compress the program, perhaps uncompressing it with the same utility will make it decompilable again.
Also perhaps hex editting or something will help reveal the mystery.

but it's late so I'm going to leave it for another time :P

It must send an authenication request back to the server and its susposidly protected any ideas

um yeah, you can't decompile VB5 and VB6... so wtf

Uhhhmmm you want to try with the hex editor I'll see what travels through the IDS on smoothwall see if authenication is done client side or server side. Me prays client.

Or even WinDASM32 might do it

There is only place the clues are accessible to you though - and that's in the .exe file.... maybe we won't able to see the source, but there is some way to look at it I bet.

Im off to sleep ;) exams today, f*** this thing i would have gone to sleep ages ago :)

Played around with it for a while, lost intrest in the frist 5 sec's.

Teen I'll give it another crack next week when I have some holies thank f***.

Anyone get level 6 yet, im using Etheral as the packet sniffer but it says its encrypted and i dont know the cypher :(

I am up to level 8

sooo reet

Give us help with level 6 it says encryped! :( And i dont know how to find the cypher.. eg.

GET /p.lv6 HTTP/1.1
Connection: KeepAlive-Alive
User-Agent: Mozilla/4.0
Accept: "/"

HTTP/1.1 200 OK
Date: ...
Server: Apache
yadah yadah yadah

Content-Type: text/plain

.(ENCRTPTION TYPE)
B*C*N**N

(USERNAME)
ababa abbab baaaa aaabb

(PASSWORD
ababa aaaaa abbaa abbba aaaa baaaa babba

then Page etc..

Help me :)

well the user name and password are encrypted in a specific format....I am not sure what more I can help...google it mang...thats what google is there for

screw this, I'm just gonna stick to 3d like Hem. I cant be bothered decompiling and so on just so I can say I am reet.

Ok level 8 now got level 7

Someone tell me how to work in the phf cgi exploit. :)

Ice how did you crack level 6 I havn't look at it since last week

I actually looked at lvl 6 today, I couldn't get the packet sniffer to work tho.
my hard drive got trashed a few minutes later, so I won't be hitting it for a while.

I tryed a sniffer but its encrypted with some weird s***...any idea yet all I get is the same as what ICE posted.

On of my tutors is stuck on 9 the only hint he will give me is that its in the encryption. Yeah well dah but what to do from there. Maybe have a look at it with a hex editor...I'm going to have a chat with him tommrow and find out what he did.

My tutor also said that he might make it a class project for my manage security subject. Go figure